How I became a password cracker

Perhaps the same culling had been done on my list of hashes,
with the hacker -- oops, I mean "password recovery specialist" --
releasing a list of only those hashes he couldn't easily crack.
This might explain my low success rate so far, and the thought gave
me some much-needed encouragement after two fruitless hours of
trying to convince myself I wasn't as bad at this as I clearly was.
I was, after all, in the same boat as a noted security researcher
like Graham, and here we were sailing together on the same journey,
docking at the same ports, encountering the same difficult sea
conditions.

I looked at Graham's next step, which was to apply "rules" to
the RockYou dictionary. Such rules dramatically expand the
usefulness of a particular wordlist by generating variations of
those words that might be used to form someone's password. For
instance, one rule might take every word in a wordlist and add two
numbers to the end of it, starting at 00 and progressing up to 99;
this would hit every password from "arstechnica00" to
"arstechnica99." People commonly form passwords this way, so such a
rule would likely produce many hits but at the expense of a 100x
increase in required number of guesses.

All serious password cracking programs can handle such rules,
but the format for creating them differs a bit -- and besides, to
create solid rules you first need to know the most common ways of
forming passwords. While I could guess at a few of these, I was far
from an expert and in any case had no wish to spend several hours
learning how to translate my own terrible rules into proper Hashcat
syntax. Fortunately, I didn't have to. Hashcat comes pre-supplied
with a number of complex rule sets, text files with names like
"d3ad0ne.rule" and "T0XIC.rule." Graham chose to begin with
"best64.rule," which as the name suggests contains the most
productive known rules. I began with it, too.

In best64.rules, each word in the wordlist is first hashed
without any alteration, then the fun begins. At first, the changes
are simple: each word gets reversed, or each has its case
switched. Next comes a "simple number append," which adds a single
digit (0-9) to the end of each word. After that comes "special
number append," which tries 14 specific number combinations that
appear most commonly at the end of passwords:

Each entry in the wordlist then has "e" added to the end, then
"s." Next comes a "high frequency overwrite" replacing the last few
letters of each word with the most common endings found in
passwords (-er, -y, -123, -man, -dog...). High frequency prepends
are next (most common first character: "1") and then high frequency
overwrites at the start of words. Each wordlist item is "leetified"
by replacing "o" with "0" and "i" with "!" and "e" with "3." Words
are "undoubled," words have their most common suffixes removed, the
letters in each word are rotated...

The final set of rules is labelled only "unknown" and shows how
complex the rule syntax can get:

I double-checked that my attack method was "straight," made sure
to select the RockYou wordlist, and set the rules to best64.rule.
If this attack failed to produce a single hit, I resolved to spend
the rest of the day drinking. I clicked the cheekily labelled
button "Hash me, I'm a digest" to start the attack and sat back to
wait.

Three seconds later, the complete set of rule-based variants had
been run against my MD5.txt hash file -- and I had scored a hit
against my hash file. I eagerly opened the text file containing the
list of discovered hashes to see my first cracked password:
"czacza."

I was a god among men, a password-cracking colossus striding
through the world of mortals. The Secrets of the Hash were
mine!

But as I exulted in the exercise of my new powers, doubt crept
quickly in: shouldn't someone who knew the Secrets of the Hash be
able to crack more than 1 out of 16,051 hashes using a rule-varied
RockYou dictionary attack? Graham, by contrast, had nailed 688,000
using the exact same technique, and that was on a hash dataset
already stripped of most common passwords. "Czacza" felt a little
thin by comparison.

Now that I had the system up and running, it was time to find
out why it wasn't running well.

Let's get cracking
I began a series of experiments designed to isolate the problem.
The first involved my hash database; perhaps it had simply been
stripped of all the easy-to-find passwords and all that remained
inside were 12-digit passwords requiring a six-month brute force
attack to crack. So I returned to my "password recovery" forum and
downloaded a new list of 17,000 MD5 hashes and got to work.

The results were the same. Running the RockYou dictionary
through a "straight" attack modified by the best64.rule file
produced only a single result: "tawtaw." This was faintly
unsettling for a reason I couldn't quite name. A nagging voice in
the back of my head suggested that only being able to crack
passwords that followed a single specific pattern -- in this case,
three characters, repeated twice -- was a Bad Sign. I couldn't
decide why this might be a bad sign, exactly, so I shushed the
nagging voice and returned to work.

New attacks on my 17,000 hashes produced slightly better results
but at the cost of dramatically increased cracking times. A
"combination" attack would have taken an estimated 14.5 hours to
complete, though it did crack three passwords in the three minutes
I let it run. A "combinator" attack cracked a single non-patterned
password ("cp2009") in seconds. And returning to a "straight"
attack but using the d3ad0ne.rule file instead of best64.rule
earned me two more hashes ("1234567" and "aaaaa1") after the six
minutes it took to run. I now had six hashes cracked. Progress!

The results still seemed absurdly low, and the fact that I
continued to crack largely patterned passwords gave me pause. Had
both of these hash files really been stripped of every single
RockYou password along with their rule-based variants?

Since wordlist attacks, even using rules, were producing few
hits, I decided to simply "brute force" the hash file. A
brute-force attack simply iterates through every available option
with minimal intelligence, trying "aaaaa" and then "aaaaab" and
then "aaaaac" until it every possible permutation has been tried. I
was extraordinarily thankful for the Hashcat GUI here, which
simplified the configuration options needed to mount a brute-force
attack from the command line.

A brute-force attack requires numerous options, including the
lengths of the attempted passwords and a mask built up from
character sets like these:

I could certainly put together a mask to brute force all
passwords that begin with, say, one uppercase letter, follow with
five lowercase letters, and end with a symbol (?u?l?l?l?l?l?s), but
the GUI made it even simpler to select options like "lowercase
alphanumeric" with particular length constraints.

Brute forcing can take extraordinary amounts of time as the
password length increases; indeed, each additional character in a
password exponentially increases the brute force cracking time, and
passwords over nine or 10 characters could take weeks or months to
crack on consumer hardware. To have any chance of success, I began
with six-character passwords because I had already found some of
this length in the hash file. I also limited myself to lowercase
alphanumeric characters and symbols -- leaving uppercase off for
now because few people voluntarily create SHOUTY PASSWORDS.

The complete run of six-character alphanumeric symbols would
take five hours, Hashcat informed me, but it started showing
results almost immediately. Two minutes in, I cracked 22 hashes.
Four minutes in, it was 28. After six minutes, I was up to 32. Many
of the cracked hashes consisted of nothing but lowercase letters,
so I cancelled the attack and aimed for something more efficient by
throwing out the numbers and symbols. The resulting run went
faster, cracking 334 hashes in one minute and revealing passwords
like "violet" and "ludwig" and "august" and "peanut."

Boom! Who's a script kiddie now?

Many of the cracked passwords were people's names, while others
were common English words. It did seem odd that the vaunted RockYou
wordlist wouldn't contain things as obvious as "august" or
"violet," but I dismissed the thought and went hunting for further
wordlists to see if I could increase my success rate. I grabbed an
English dictionary wordlist along with a huge collection of first
and last names slurped up from that massive corpus of data known as
Facebook. Just for the heck of it, I grabbed a German dictionary
too.

I ran them in a straight attack against my 17,000 hashes,
expecting massive results. Instead I got nothing -- not even
passwords like "violet," which I knew were in both the wordlist and
the hash file.

The nagging voice in my head got louder, the one that had first
suggested some time ago that I had a more fundamental problem than
I cared to admit. Indeed, as I peered more closely at my collection
of files, I began to suspect that somewhere along the way I had made a huge mistake --
and that I had not in fact cracked a single hash using a
wordlist.

Comments

I became a password cracker about 20 years ago when colleague at my first ever job forgot their password for an MS Word document. When I saw the title of this article, I thought perhaps somebody had the same experience.

Initially I wrote some code (fundamentally a recursive loop) to retrieve somebody's lost password via a brute force attack. It was trivial to extend this by swapping the loop function with a text file reader for a a dictionary attack. I later extended this to decryption.

I set up a website offering users an online password recovery service and the ability to download various tools I'd developed. Attack speeds to the average PC have increased, and speed surged upwards as hardware and infrastructure evolved, particularly with multi-core CPUs, GPU acceleration, and improvements in virtualisation and distributed computing What once could take days on my own PC can now be done in seconds across multiple virtual machines in the cloud, e.g. by spinning up several virtual PCs on Amazon EC2.

Security conscious users should take note that most passwords can be cracked in under 60 seconds on a normal PC using a dictionary attack with common alpha-numeric substitutions, e.g. passw0rd. The most common password is still "password".

Tim Acheson

Mar 25th 2013

Congratulations you nitwit!You have just explained to people how to go about cracking passwords in one article.I hope your ego is satisfied with how clever you have shown yourself to be.